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(54) Title: SYSTEM AND METHOD FOR AUTHENTICATING A USER 

^ (57) Abstract: The system and method provides for the authentication of a user based on graphical input provided by the user. The 
^ user enters graphical input, such as a squiggle, into a graphical interface. A verifier compares the input pattern to a secret input 

pattern to determine if the two patterns are approximately similar in order to authenticate the user. Typically, the verifier uses an 
© approximation parameter to determine if the input and secret patterns are similar. Once the verifier authenticates the user, the user 
^ is allowed access to a resource, such as a computer system, portable computer, software application running on a computer system 

or other hardware device. 
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SYSTEM AND METHOD FOR AUTHENTICATING A USER 



Field of the Invention 

The invention relates generally to the field of security and authentication and, more 
particularly, to a system and method for using a graphic display to authenticate a user of a 
5 computer or other device. 

Background of the Invention 

Passwords have long been used to authenticate a user before providing access to a 
computer system or to some other device. They are easy to use and conceptually simple. They 
are probably the oldest and most common data security tool used in computing environments. 

1 0 Because they are generally alphanumeric in form and often closely related to words in natural 

language, passwords are relatively easy for users to remember. Typically, users can rapidly enter 
them through standard hardware peripherals such as keyboards. Nonetheless, in tarns of their 
security properties, passwords have shortcomings. Typically, users derive their passwords from a 
limited portion of the lexicons in their native languages, making them easy to guess, particularly 

15 in automated computer attacks. 

The vulnerability of passwords in computer systems is becoming increasingly 
problematic as computing and networking technologies aim to manage increasingly sensitive 
information. Consumers are beginning to use smart cards and other portable devices to carry 
digital cash. At the same time, corporations are making sensitive information more available on 

20 their networks and are employing digital signatures in committing to legally binding contracts. 
Hardware devices like smart cards and authentication tokens provide cryptographic 
authentication for such applications; but typically the cryptographic features of these devices are 
secured using passwords. 

It is possible to broaden the distribution of passwords that are used in a system, and 

25 thereby strengthen the system.by assigning randomly generated alphanumeric passwords to users. 
Even users with the most retentive memories, however, have difficulty remembering more than 
approximately seven alphanumeric characters. The total number of such seven character 
passwords is about 2 35 «10 n , which is too small to provide resistance against an automated 
computer attack on the password. Strong resistance to automated password attacks requires a 
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password space on the order of about 2 70 «10 21 . This space corresponds to random, alphanumeric 
passwords of sixteen characters in length, which is too long for practical use by most users. 

The difficulty users have in remembering enough password information to allow secure 
authentication is at odds with their ability to retain large amounts of other types of information in 

5 other contexts. A few examples of the other types of nonpassword data an individual may 

routinely remember are historical and personal events, the configuration of rooms in buildings, 
and the layout of city streets, not to mention the vocabulary and idioms of her native language. 
Some of that information may remain fixed in her memory over extended periods of time, even 
without frequent reinforcement. 

1 0 A number of researchers have investigated the use of such everyday information in 

connection with mnemonic systems as a replacement for passwords. One authentication 
approach exploits the ability of users to recognize faces. To authenticate herself in this system, a 
user is asked to identify a set of familiar feces from among a gallery of photographs. While 
conveniently universal, this system has large memory requirements for the storage of the 

15 photographs, and has relatively slow data entry time. Another proposed approach is based on the 
use of routes on a complex subway system, such as the Tokyo subway system, in connection with 
secrets, suggesting that users could retain relatively large amounts of information in this context. 
This approach has the advantage of mnemonic naturalness, but has a strong disadvantage in its 
idiosyncrasy because not all users live in cities with subway systems or use a subway frequently. 

20 A commercial system produced by Passlogix, Inc. of New York, New York effectively 

extends the mnemonic approach by allowing users to select from a range of mnemonic systems. 
Users caii, for instance, choose to use an interface displaying a room containing a collection of 
valuables, and encode a password as a sequence of moves involving the hiding of these valuables 
in various locations around the room. This method of password entry appeals to a natural 

25 mnemonic device because it resembles the medieval system of the "memory palace," whereby 

scholars sought to archive data mentally in an imagined architectural space. By allowing the user 
to select a password herself, however, this approach is vulnerable to the problem of predictability 
that occurs with conventional password systems. Some passwords are more popular than others, 
since they are easier to remember. In one example, one-third of user-selected passwords could 

30 be found in the English dictionary. Similarly, in a mnemonic system, users are more likely to 
pick some sequences than others. In one example, a mnemonic system allows users to trade 
stocks; typically, the users will choose from among the most popular stocks, as these are the 
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easiest to remember. In seeking to guess a password in this system, an attacker is likely to gain a 
substantial advantage by choosing Dow Jones stocks. In principle, if user passwords are formed 
as sufficiently long random sequences of moves, a mnemonic system will provide an adequate 
level of cryptographic security. Typically, mnemonic systems are not designed to fecilitate user 
5 memorization of random sequences, and may not even enforce a minimum sequence length in 
user password entry. A mnemonic system may also be cumbersome in terms of the user 
interaction involved in entering a password, in some cases demanding an involved sequence of 
non-uniform mouse movements to enter the password into a computer system. 
Summary of the Invention 
10 One objective of a system constructed according to the invention is to provide graphic or 

visual passwords that users can remember easily and for a long duration. Another objective is to 
provide a password that a user can enter with a minimum of physical effort, such as by minimal 
mouse movement or keystrokes, or by the use of a writing tool on a tool sensitive graphic 
display. An additional objective is that the entry of the password should require nrinimal mental 
15 effort 

Another objective of the invention is to provide flexible password entry. Unlike 
computer memory, human memory is prone to inaccuracy. One objective is to accommodate 
likely user errors. 

Another objective of the invention is to provide a system adaptable to computing 
20 environments with limited memory, power, and graphical display capabilities. In addition, a 
system constructed according to the invention should be useable with a range of hardware 
peripherals, such as keyboards, mice, touch screens, and palmtop computer styluses. 

In one aspect, the invention relates to a method for authenticating a user. The method 
includes determining a secret pattern, entering an input pattern from a user on a graphical 
25 interface, determining an approximation parameter that can be used to compare the secret pattern 
to the input pattern, comparing the secret pattern and the input pattern to determine if the secret 
pattern and the input pattern are approximately similar within limits defined by the 
approximation parameter, and authenticating the user based on the comparison. 

In one embodiment, the method includes displaying a portion of the secret pattern on the 
30 graphical interface to the user. In another embodiment, the method includes determining the 
portion to display based on a display parameter. 
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In one embodiment, the method includes determining the secret pattern based on a grid. 
In another embodiment, the method includes selecting one or more blocks of cells in the grid 
based on the secret pattern. In another embodiment, the method includes comparing an input 
sequence for entering the input pattern with a secret sequence of the secret pattern. 

5 In one embodiment, the method includes entering the input pattern on a displayed grid on 

the graphical interface. In another embodiment, the method includes entering a squiggle. In a 
further embodiment, the squiggle includes a random shape. In another embodiment, the method 
includes entering a symbol. In another embodiment, the method includes entering a sketch. In 
another embodiment, the method includes selecting one or more points on each of a plurality of 

1 0 images displayed on the graphical interface. 

In another embodiment, the method includes allowing access to a resource in response to 
the step of authenticating the user. 

In one embodiment, the method includes generating a calculated value of the secret 
pattern, generating a calculated value of the input pattern, and comparing the calculated value of 
15 the secret pattern and the calculated value of the input pattern. In another embodiment, the 

method includes generating a hash of the secret pattern and generating a hash of the input pattern. 

hi another embodiment, the method includes determining one or more secret points ^ 
located in a display area and determining one or more approximation regions associated with one 
or more secret points. 

20 In another embodiment, the method includes providing one or more memory cues to the 

user. In a further embodiment, the method includes providing one or more visual and/or auditory 
memory cues. 

In another aspect, the invention relates to an authenticator for authenticating a user of a 
resource. The authenticator includes a graphical interface, a secret pattern, an input pattern, an 

25 approximation pattern, and a verifier. The graphical interface is capable of receiving graphical 
input from a user. The user enters the input pattern on the graphical interface. The 
approximation pattern can be used in comparing the secret pattern and the input pattern to 
determine if the secret pattern and the input pattern are approximately similar within limits 
defined by the approximation parameter. The verifier is in communication with the graphical 

30 interface and authenticates the user by comparing the secret pattern and the input pattern using 
the approximation parameter. 
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In one embodiment, the graphical interface displays a portion of the secret pattern to the 
user. In another embodiment, the graphical interface uses a display parameter to determine the 
displayed portion of the secret pattern. 

In one embodiment, the secret pattern is based on a grid. In another embodiment, the 
5 approximation parameter includes one or more blocks of cells in the grid based on the secret 
pattern. In another embodiment, the input pattern includes an input sequence and the secret 
pattern includes a secret sequence, and the verifier compares the input sequence and the secret 
sequence. 

In one embodiment, the graphical interface includes a displayed grid, and the user enters 
10 the input pattern on the displayed grid. In another embodiment, the input pattern includes a 

squiggle. In another embodiment, the squiggle includes a random shape. In another embodiment, 
the input pattern includes a symbol. In another embodiment, the input pattern includes a sketch. 

In another embodiment, the user selects one or more points on each of a plurality of 
images displayed on the graphical interface when entering the input pattern on the graphical 
15 interface. 

In another embodiment, the verifier allows access to a resource in response to 
authenticating the user. 

In one embodiment, the verifier generates a calculated value of the secret pattern, 
generates a calculated value of the input pattern, and compares the calculated value of the secret 
20 pattern and the calculated value of the input pattern. 

In another embodiment, the verifier generates a hash of the secret pattern and a hash of the input 
pattern. 

In another embodiment, the graphical interface determines one or more secret points 
located in a display area and one or more approximation regions associated with one or more 
25 secret points. 

In one embodiment, the graphical interface provides one or more memory cues to the 
user. In a further embodiment, the graphical interface provides one or more visual and/or 
memory cues. 

Brief Descriptions of the Drawings 



BNSDOC1D: <WO 0177792A2_I_> 



BNS page 6 



WO 01/77792 



PCT/US01/10498 



-6- 

The invention is pointed out with particularity in the appended claims. The above and 
further advantages of this invention may be better understood by referring to the following 
description taken in conjunction with the accompanying drawings, in which: 

FIG. 1 illustrates a functional block diagram of an authenticator system based on 
5 graphical inp>ut according to one embodiment of the invention. 

FIG. 2 illustrates a flowchart of the authentication process based on graphical input 
according to one embodiment of the invention. 

FIG. 3 provides a pictorial view of a grid and secret graphical pattern of highlighted 
squares or cells according to one embodiment of the invention. 

1 0 FIG. 4 provides a pictorial view of a grid and a secret pattern illustrated by connected line 

segments for one embodiment of the invention. 

FIG. 5 provides a pictorial view of an input pattern that closely approximates the secret 
pattern illustrated in FIG. 4. 

FIG. 6 provides a pictorial view of a partial display of the secret pattern illustrated in FIG. 

15 4. 

FIG. 7 provides a pictorial view of an approximation block of cells and an input pattern 
that is approximately similar to the secret pattern illustrated in FIG. 4. 

FIG 8 provides a pictorial view of a display area, secret points located in the display area, 
approximation regions based pn the secret points, and input points provided by a user, according 
20 to one embodiment of the invention. 

Detailed Description of the Invention 

FIG. 1 illustrates a functional block diagram of an authenticator system 110 including an 

input pattern 1 12, graphical interface 1 14, verifier 1 16, secret pattern 118, and approximation 

parameter 120. FIG. 1 also illustrates a user 124, who provides the input pattern 1 12 to the 
25 graphical interface 1 14, and a resource 126, which the verifier 1 16 allows the user 124 to access 

after verifying the input pattern 112 using the secret pattern 118 and the approximation parameter 

120, as will be discussed in more detail later. 

In one embodiment, the graphical interface 1 14 is a hardware device that provides a 

graphical display that can be viewed by the user 124 and which receives the input pattern 1 12 
30 from the user 1 24. In another embodiment, the graphical interface 114 is a CRT (cathode ray 
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tube) with a touch screen capability. In another embodiment, the graphical interface 1 14 is a flat 
screen device, such as a LCD (liquid crystal display) or an active-matrix display device with 
input capability. In one embodiment, the graphical interface 1 14 is a separate device that is 
electronically, optically, or otherwise in communication with the verifier 1 16. In another 
5 embodiment, the graphical interface 1 14 is integrated into another device, such as a computer 
system, laptop computer, palmtop computer, other portable computer, or portable cellular 
telephone. In other embodiments, the other device also includes the verifier 1 16 and/or resource 
126. 

In one embodiment, the verifier 1 16 is a software application executing on a general 
10 purpose computer system In alternate embodiments, the verifier 1 16 is implemented as a 
software module, program, or one or more objects, such as objects implemented in the C 
programming language. In another embodiment, the verifier 1 16 is a hardware device or 
integrated chip, such as an ASIC (application-specific integrated circuit). 

In one embodiment, the resource 126 is a computer system, a database, or other resource 
15 that the user 124 desires to employ. In another embodiment, the resource 126 provides 

computational resources or data that the user 124 would like to access. In another embodiment, 
the resource 126 is a physical location or entity that the user 124 desires to access or use, such as 
a room, a locked automobile, or the locked ignition mechanism for an automobile. 

In another embodiment, the graphical interface 1 14, verifier 1 16, and resource 126 are all 
20 part of the same computer system, laptop computer, palmtop computer, or other portable 

computer. In another embodiment, the graphical interface 1 14, verifier 1 16, and resource 126 are 
separate computers or devices connected in a network, which may be a local network, or a global 
network, such as the Internet 

In one embodiment, the authenticates system 1 10 uses tolerance parameters. In the 
25 embodiment of FIG. 1 , two tolerance parameters are shown, an approximation parameter 120 and 
a display parameter 122. In this context, a tolerance parameter provides a tolerance or limit for 
how much information the user 124 is given or how accurate the user's 124 input must be. The 
approximation parameter 120 indicates how close the input pattern 1 12 must be to the secret 
pattern 1 1 8 for the verifier 1 16 to consider the input pattern 1 12 to be approximately similar to 
30 the secret pattern 118. The display parameter 122 indicates how much of the secret pattern 118 
is displayed to the user 124. The user provides an input pattern 1 12 that matches the undisplayed 
portion of the secret pattern 118. 
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FIG. 2 illustrates a flowchart of the authentication process based on graphical input 
according to one embodiment of the invention. First, the verifier 116 determines a secret pattern 
118 (step 200). In one embodiment, the verifier 116 determines a random pattern for the secret 
pattern 1 1 8. In another embodiment, the verifier 116 determines or calculates a pseudo-random 
5 pattern, or a secret pattern 118 based on a mathematical function. In other embodiments, the 
secret pattern 1 18 is provided to the verifier 116 from an external source, such as a database or a 
trusted authority, such as a server computer connected over a network to the verifier 116. The 
user receives or has access to the same secret pattern 1 1 8 or trusted authority. 

Then the user 124 enters an input pattern 1 12 on the graphical interface 1 14 (step 202) in 
10 an attempt to match the secret pattern 1 1 8. In one embodiment, the user 124 is prompted with a 
portion of the secret pattern 118, which is displayed on die graphical interface 1 14 based on the 
display parameter 122. In one embodiment the display parameter 122 is a predetermined value 
obtained from a trusted authority, such as a server computer connected over a network to the 
graphical interface 1 14. In other embodiments, the graphical interface 1 14 or verifier 116 
15 determines a random value for the display parameter 122 or uses a mathematical function to 
determine the display parameter 122. 

Next, the verifier 1 16 determines an approximation parameter 120 (step 204). The ¥ 
verifier 116 uses the approximation parameter 120 to determine if the secret pattern 118 and 
input pattern 1 12 are approximately similar by comparing the secret pattern 118 and input pattern t 

20 112 (step 206). In one embodiment, the approximation parameter 120 is a predetermined value 
obtained from a trusted authority. In another embodiment, the verifier 116 determines the 
approximation parameter 120 vising a mathematical function. In another embodiment, the 
approximation parameter 120 is determined before or concurrently with dete rminin g the display 
parameter 122. In one embodiment, the approximation pattern determines an approximation 

25 region 144 (see FIG. 8) that is circular, square, or some other shape. 

In one embodiment, the verifier 116 compares the secret pattern 118 and input pattern 
112 directly to verify that the two patterns are approximately similar. In another embodiment, 
the verifier 1 1 6 compares a calculated value for the secret pattern 118 with a calculated value for 
the input pattern 112. 

30 In one embodiment, the verifier 116 compares a hash of the secret pattern 118 with a hash 

of the input pattern 1 12. In another embodiment the verifier 116 generates a hash of the secret 
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pattern 1 1 8 and stores this secret hash in a storage media, such as a hard disk, associated with the 
verifier 1 16 or authenticator system 1 10. In another embodiment, this verifier 116 stores the 
secret hash in a memory element, such as a ROM or RAM, associated with the verifier 1 1 6 or 
authenticator system 1 10. In another embodiment, the verifier 1 16 obtains the secret pattern 1 18 
5 or secret hash over a network or secure channel. In a further embodiment, the verifier 116 
compares a fuzzy or approximate value for the secret pattern 118 with a fuzzy or approximate 
value for the input pattern 1 12. 

If the verifier 116 finds that the secret pattern 1 18 and the input pattern 1 12 are 
approximately similar, then the verifier 1 1 6 authenticates the user 124 (step 208) and allows the 
10 user 124 to access the resource 126. 

FIG. 3 is a pictorial illustration of a grid 132 and a secret pattern 1 18 indicated by six 
highlighted squares or cells 13, 20, 26, 41, 49, and 63 in the grid 132. In one embodiment, the 
graphical interface 1 14 displays to the user 124 the grid 132, wherein each square or cell in the 
grid 132 has a different color or shade. In another embodiment the grid 132 also displays a 
15 recognizable image, such as a photograph. In other embodiments, the grid 132 is not square but 
is a rectangle or other geometric form or shape. In one embodiment, the grid 132 is a square 
matrix where each side of the grid 1 12 has k cells, and the matrix is referred to as a k by k grid 
132. 

In one embodiment, the secret pattern 118 consists of a randomly selected sequence X = Xi, 
20 x 2 , x„ of n squares or cells in the grid 132 as illustrated by cells 13, 20, 26, 41, 49 and 63 in 
FIG. 3, where n has a value of 6. In another embodiment, the secret pattern 1 18 is a random 
squiggle that the user 124 must draw to within a certain tolerance, as described below. In other 
embodiments, the secret pattern 1 18 is a letter, number, or other symbol. 

In the embodiment shown in FIG. 3, the grid 132 is a 10 by 8 matrix of 80 cells indicated 
25 by cell numbers 1 through 80. The use of a 10 by 8 matrix is exemplary only and is not a 

requirement of the invention. In other embodiments, grids 132 of other sizes or other geometric 
shapes may be used. In one embodiment, the user 124 provides an input pattern 1 12 by selecting 
the same points on the grid 132 in the same numerical sequence as the secret pattern 1 18, as 
indicated by the highlighted cells 13, 20, 26, 41, 49, and 63 in FIG. 3. In another embodiment, 
30 the secret pattern 1 1 8 includes a secret sequence indicating the order for entering the cells of the 
input pattern 1 12. For example, the required or secret sequence for the secret pattern 118 may be 
26, 49, 63, 13, 41, and 20, and the user 124 must enter the same sequence as the input sequence 
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of the input pattern 1 12 on the graphical interface 1 14 before the verifier 116 determines that 
there is a match between the secret pattern 1 1 8 and the input pattern 112. 

FIG. 4 is a pictorial illustration of a grid 132 and a secret pattern 1 18a. In FIG. 4 the 
secret pattern 1 18a includes cells 31, 22, 33, 43, 53, 64, 55, 56, 46, 47, 38, 48, 49, and 60. The 
5 secret pattern 1 1 8a shown in FIG. 4 is exemplary only. The secret pattern 1 1 8a is shown as a 
path extending generally from left to right, but this is not a requirement of the invention. 
Generally, the invention does not require a secret pattern 1 18 that tends in any one direction or 
forms any particular type of pattern. In alternate embodiments, the secret pattern 118 may be a 
random pattern, a pseudo-random pattern, or a pattern determined by a mathematical function. In 
10 FIG. 4 the secret pattern 1 1 8a is indicated by connecting lines. In other embodiments, the secret 
pattern 1 1 8a is indicated by curved lines, by a list of cell numbers, or other mechanism that 
indicates a unique secret pattern 1 18 in the grid 132. 

FIG. 5 illustrates the grid 132 and the secret pattern 1 18a of FIG. 4 along with an input 
pattern 1 12a that a user 124 has entered that closely approximates the secret pattern 1 18a. The 
15 input pattern 1 12a touches the same cells in the grid 132 as the secret pattern 118a. In one 

embodiment, the verifier 1 16 determines that the input pattern 1 12a is approximately similar to 
the secret pattern 1 1 8a by determining that the two patterns 1 12a, 1 1 8a touch the same cells. 

In one embodiment using a display parameter 122, the graphical interface 1 14 displays to 
the user 124 the first h squares in the sequence, xi, X2, Xh in a secret pattern 118. The value h 
20 is the display parameter 122 indicating that the graphical interface 1 14 displays only h squares of 
the secret pattern 1 1 8 to the user 124. 

For example, FIG. 6 illustrates a displayed portion 134 of the secret pattern 1 18a of FIG. 
4, for one embodiment of the invention. In this embodiment, h, the display parameter 122 has a 
value of 3, and the graphical interface 1 14 displays only the first three cells 3 1, 22, 33 of the 

25 secret pattern 1 1 8a. The user 124 must then enter an input pattern 112 that corresponds to the 
undisplayed portion of the secret pattern 1 18a. In other embodiments, the display parameter 122 
may have values other than 3, and the displayed portion 134 may be based on cells other than the 
first cells of the secret pattern 118, such as cells in the middle of the pattern 118, cells at the end 
of the pattern 1 1 8 or a selected number of cells determined by other methods. In another 

30 embodiment, the graphical interface 1 14 displays to the user 124 cells from two or more separate 
portions of the secret pattern 118. 
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In one embodiment using the approximation parameter 120, the user 124 must select a 
square within an rxr block centered around Xh+i, then Xh+2, etc., through x n to authenticate herself- 
The value r is the approximation parameter 120. The probability p that a guessed sequence X' is 
correct is easily seen to be (r/k) 2 *" 2 *. Thus if k - 100, r - 5, n « 10, and h - 2, then p « 10 -19 . 

5 For example, in one embodiment, FIG. 7 illustrates the grid 132 with an approximation 

block 136 and an input pattern 1 12b that approximately matches the secret pattern 1 1 8a. In one 
embodiment, the approximation parameter 120 has a value of 3 and one cell of the input pattern 
1 12b is considered a valid match if it is within a 3 by 3 approximation block 136 centered on a 
cell of the secret pattern 1 18a. The approximation block 136 illustrated in FIG. 7 is exemplary 

10 only, and an approximation block 136 may be centered or located at different cells on a secret 
pattern 118. For example, a 3 by 3 approximation block 136 centered on a central cell 22 of the 
secret pattern 118a includes cells 11, 12, 13, 21, 22, 23, 31, 32, and 33. Thus, in FIG. 7 cells 21 
and 12 of the input pattern 1 12b do not match cells 3 1 and 22 of the secret pattern 118a, but the 
verifier 116 considers cells 21 and 12 to be close enough to the secret pattern 1 18a because they 

15 are within the approximation block 136 centered on cell 22. In general, in other embodiments, 
the approximation block 136 is adjusted for special conditions such as cells at the edges and 
comers of the grid 132. For example, the approximation block 136 may be enlarged or otherwise 
changed if the central cell of the block 136 is at the edge or comer of the grid 132. If a central 
cell, such as 3 1, is on the edge of the grid 132, then the 3 by 3 block 136 is adjusted 

20 appropriately. Thus the 3 by 3 block centered on cell 3 1 is set to a 2 by 3 block of the cells 21, 
22, 31, 32, 41, and 42. In other embodiments, the approximation block 136 is adjusted in other 
ways, such as giving the approximation block 136 different sizes at different points in the secret 
pattern 1 12b. In general, the invention does not require the approximation block 1 36 to outline a 
square or rectangular shape, and, in other embodiments, the approximation block 136 outlines 

25 other geometric shapes. 

FIG 8 illustrates a pictorial view of a display area 140, secret points 142a, 142b, 142c, 
142d, 142e, referred to generally as 142, approximation regions 144a, 144b, 144c, 144d, 144e, 
referred to generally as 144, and input points 146a, 146b, 146c, 146d, 146e, referred to generally 
as 146, for one embodiment of the invention. The display area 140 is a visual area of the 
30 graphical interface 1 14 that the graphical interface 1 14 displays to a user 124. In other 

embodiments, the display area 140 is not a rectangle, as shown in FIG. 8, but is a square or other 
geometric form or shape. 



3NSDOCID: <WO 01 77792A2J_> 



BNS oaae 12 



WO 01/77792 



PCT/US01/10498 



-12- 

The secret points 142a through 142e are part of a secret pattern 1 18 that is not displayed 
to the user 124 in one embodiment of the invention. The invention does not require that there be 
any specific number of secret points 142 such as the five secret points 142 shown in FIG. 8, and 
in other embodiments, other numbers of secret points 142 may be used in the secret pattern 118. 
5 In another embodiment, the graphical interface 1 14 displays one or more points 142 of 

the secret pattern 1 1 8 on the display area 140 to the user 124 based on a display parameter 122. 
In one embodiment, the display parameter 122 indicates a value for the number of secret points 
142 to be displayed. For example, if the display parameter 122 has a value of 2, then the 
graphical interface 1 14 displays two points, such as 142a and 142d, to the user 124. The 
. 10 invention does not require that the displayed secret points 142 be adjacent to each other or in any 
serial order. For a given display parameter 122 value, different secret points 142 may be selected 
to be displayed at different times. 

In one embodiment, the graphical interface 1 14 displays an image or photograph that 
overlays the display area 140. If the graphical interface 1 14 displays an image or photograph, 
15 then in one embodiment the input points 146 are not displayed to the user 124. In another 
embodiment, the graphical interface 114 highlights or changes portions of the image 
corresponding to the locations of the input points 146. If a display parameter 122 is used, then 
the graphical interface 1 14 highlights portions of the image in the display area 140 that 
correspond to the one or more secret points 142 selected to be displayed based on the display 
20 parameter 122. 

The input points 146 represent an input pattern 112 that the user 124 enters on the 
graphical interface 1 14. In one embodiment, the approximation regions 144 are regions within 
which the user 124 must make her selections of input points 146 for the verifier 1 16 to verify that 
the user 124 has entered a valid input pattern 112. Typically the approximation regions 144 are 
25 not displayed to the user 124. In FIG. 8 the input points 146 are represented by crosshairs or 

crossed lines, for one embodiment of the invention. In other embodiments, the input points 146 
are represented by other geometric shapes, points, or symbols. In one embodiment, the user 124 
must enter the input points 146 in a predetermined sequence, such as providing input points 142 
to match a secret sequence of secret points 142a, 142c, 142e, 142b, and 142d. In another 
30 embodiment, the user 124 enters the input points 146 in any sequence. 
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In other embodiments, the approximations regions 144 are shapes other than the circles 
shown in FIG. 8, In other embodiments, the approximation regions 144 are of different sizes for 
different secret points 142. 

In one embodiment, each input point 146 must be touching or within the approximation 
5 region 144. In another embodiment, one or more input points 146 are allowed to be outside the 
approximation regions 144 based on the approximation parameter 120, and the verifier 1 16 still 
determines that the input pattern and secret pattern 1 1 8 are approximately similar if most of the 
input points 146 are within the approximation regions 144. In another embodiment, the 
approximation parameter 120.determines the size of the approximation regions 144. 

10 In one embodiment, the graphical interface 1 14 alters the shape of the approximation 

region 144 for one or more secret points 142. For example, if a secret point 142 is close to the 
edge of the display area 140, then part of the approximation region 144 for that secret point 142 
is truncated by the boundary of the display area 140. The graphical interface 1 14 may alter the 
approximation region 144 in other ways. In one embodiment, the graphical interface 1 14 

1 5 enlarges the approximation region 144 if it is close to the edge of the display area 140 or is 
partially truncated by the edge of the display area 140. In another embodiment, the graphical 
interface 114 determines only one approximation region, such as an ellipse or other shape, for 
two or more secret points 142 located close to each other. 

In one embodiment, the secret points 142 are any points that can be determined in the 

20 display area 140. In another embodiment, the graphical interface 1 14 displays the display area 

140 using pixels, and each secret point 142 is a pixel. In another embodiment, the approximation 
region 144 is based on a predetermined pixel-distance tolerance. 

In one embodiment, the graphical interface 1 14 displays memory cues to the user 124 to 
encourage the user 124 to remember the secret pattern 1 18 so that the user 124 enters a valid 

25 input pattern 112 that the verifier 116 determines to be approximately similar to the secret pattern 
118. The use of memory cues applies to displays based on grids 132 or display areas 140. The 
memory cues are either static or interactive. In addition, memory cues are either visual, auditory, 
or based on some other sensory medium accessible to the human senses. 

In one embodiment, the graphical interface 114 provides a visual memory cue by 

30 changing the cursor shape or color depending on where on the graphical interface 1 14 the user 
124 locates the cursor or stylus. 
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In another embodiment, the graphical interface 1 14 or the authenticator system 110 
provides an auditory memory cue by playing a different piece of music for each image that the 
graphical interface 1 14 displays overlaying the grid 132 or the display area 140. 

In another embodiment, the graphical interface 1 14 provides a visual memory cue by 
5 changing the color or brightness of the image, or of part of the image, displayed to the user 124 
depending on where the user 124 locates the cursor or stylus on the graphical interface 1 14. 

In one embodiment, the graphical interface 1 14 displays successive images to the user 
124, wherein each image is determined dynamically based on the behavior and selections made 
by the user 124 when using a stylus or other input device to provide input to the graphical 

10 interface 1 14. In one embodiment, when the user 124 selects an input point 146 in a displayed 
image, the graphical interface 114 zooms in on the image or magnifies a portion of the image, 
which is then in turn displayed to the user 124. When the user 124 selects another input point 
146, then the graphical interface 1 14 zooms in on the image again. The graphical interface 1 14 
repeats this process until the user 124 has completed entering an input pattern 1 12. 

15 In another embodiment, the graphical interface 114 displays a number of portals, such as 

doors, and the user 124 selects one of the portals. The graphical interface 114 then displays 
different images depending on which portal the user 124 selects. In one embodiment, the user 
124 simulates entry through a door into another visual space, such as moving through one or 
more doors into one or more rooms in a building. In one embodiment, each door or portal 

20 represents a secret point 142 in the secret pattern 1 1 8. In another embodiment, each door or 

portal does not itself represent a secret point 142 in the secret pattern 1 1 8, but provides access to 
an image that includes one or more secret points 142. 

In another embodiment, the graphical interface 114 displays other visual metaphors and 
schemas that a user 124 follows when moving through a visual space, such as moving along a 

25 road or a path, or traveling in a vehicle, automobile, space craft, or water borne ship. In other 
embodiments, the graphical interface 1 14 displays other visual spaces or metaphors, as is known 
in the arts of computer graphics, computer and electronic games, and virtual reality. 

Having described the preferred embodiments of the invention, it will now become 
apparent to one of skill in the art that other embodiments incorporating the concepts may be 

30 used. It is felt, therefore, that these embodiments should not be limited to disclosed 

embodiments but rather should be limited only by the spirit and scope of the following claims. 
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CLAIMS 



What is claimed is: 



4 



2 



3 



1 



1 . A method for authenticating a user, the steps comprising: 
determining a secret pattern; 

entering an input pattern from a user on a graphical interface; 

determining an approximation parameter for use in comparing the secret pattern and the 



6 



5 



input pattern from the user; 

comparing the secret pattern and the input pattern to determine if the secret pattern and 



7 



the input pattern are approximately similar within limits defined by the approximation parameter; 



9 



8 



and 

authenticating the user based on the comparing step. 



1 2. The method of claim 1, further comprising a step of displaying a portion of the secret pattern 

2 on the graphical interface to the user. 

1 3. The method of claim 2, wherein the step of displaying the portion of the secret pattern 

2 comprises determining the portion to display based on a display parameter. 

1 4. The method of claim 1, wherein the step of determining the secret pattern comprises 

2 determining the secret pattern based on a grid. 

1 5. The method of claim 4, wherein the step of determining the approximation parameter 

2 comprises selecting at least one block of cells in the grid based on the secret pattern. 

1 6. The method of claim 1, wherein the step of comparing the input pattern and the secret pattern 

2 comprises comparing an input sequence for entering the input pattern with a secret sequence of 

3 the secret pattern. 

1 7. The method of claim 1, wherein the step of entering the input pattern comprises entering the 

2 input pattern on a displayed grid on the graphical interface. 

1 8. The method of claim 1, wherein the step of entering the input pattern comprises entering a 

2 squiggle. 

1 9. The method of claim 8, wherein the squiggle comprises a random shape. 

1 10. The method of claim 1 , wherein the step of entering the input pattern comprises entering a 

2 symbol. 

1 11 The method of claim 1 0, wherein the symbol comprises at least one of a letter and a number. 
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1 12. The method of claim 1, wherein the step of entering an input pattern comprises entering a 

2 sketch, 

1 13. The method of claim 1 , wherein the step of entering the input pattern further comprises 

2 selecting at least one point on each of a plurality of images displayed on the graphical interface. 

1 14. The method of claim 1, further comprising a step of allowing access to a resource in 

2 response to the step of authenticating the user. 

1 15. The method of claim 14, wherein the step of allowing access to the resource comprises 

2 allowing access to at least one of a hardware device, a computer system, a portable computer, a 

3 software application, and a database. 

1 16. The method of claim 1, further comprising steps of generating a calculated value of the 

2 secret pattern and generating a calculated value of the input pattern; and wherein the step of 

3 comparing the secret pattern and the input pattern comprises comparing the calculated value of 

4 the secret pattern and the calculated value of the input pattern. 

1 17. The method of claim 16, wherein the step of generating the calculated value of the secret 

2 pattern comprises generating a hash of the secret pattern and the step of generating the calculated 

3 value of the input pattern comprises generating a hash of the input pattern. 

1 18. The method of claim 1 , wherein the step of determining the secret pattern comprises 

2 determining at least one secret point located in a display area and determining at least one 

3 approximation region associated with the at least one secret point 

1 19. The method of claim 1 , further comprising a step of providing at least one memory cue to the 

2 user. 

1 20. The method of claim 19, wherein the step of providing at least one memory cue to the user 

2 comprises providing at least one of a visual memory cue and an auditory memory cue. 

1 21 . An authenticator for authenticating a user of a resource, comprising: 

2 a graphical interface capable of receiving graphical input from a user; 

3 a secret pattern; 

4 an input pattern entered on the graphical interface by the user; 

5 an approximation parameter for use in comparing the secret pattern and the input pattern 

6 to determine if the secret pattern and the input pattern are approximately similar within limits 

7 defined by the approximation parameter; and 
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8 a verifier in communication with the graphical interface, the verifier authenticating the 

9 user by comparing the secret pattern and input pattern using the approximation parameter, 

1 22. The authenticator of claim 21, wherein the graphical interface displays a portion of the secret 

2 pattern to the user. 

1 23. The authenticator of claim 22, wherein the graphical interface uses a display parameter to 

2 determine the displayed portion of the secret pattern. 

1 24. The authenticator of claim 21 , wherein the secret pattern is based on a grid. 

1 25. The authenticator of claim 24, wherein the approximation parameter comprises at least one 

2 block of cells in the grid based on the secret pattern. 

1 26. The authenticator of claim 2 1 , wherein the input pattern comprises an input sequence and the 

2 secret pattern comprises a secret sequence, and the verifier compares the input sequence and the 

3 secret sequence. 

1 27. The authenticator of claim 21 , wherein the graphical interface comprises a displayed grid 

2 and the user enters the input pattern on the displayed grid. 

1 28. The authenticator of claim 21, wherein the input pattern comprises a squiggle. 

1 29. The authenticator of claim 28, wherein the squiggle comprises a random shape. 

1 30. The authenticator of claim 21, wherein the input pattern comprises a symbol. 

1 31. The authenticator of claim 30, wherein the symbol comprises at least one of a letter and a 

2 number. 

1 32. The authenticator of claim 2 1 , wherein the input pattern comprises a sketch. 

1 33. The authenticator of claim 21 wherein the user selects at least one point on each of a 

2 plurality of images displayed on the graphical interface when entering the input pattern on the 

3 graphical interface. 

1 34. The authenticator of claim 21 , wherein the verifier allows access to a resource in response to 

2 authenticating the user. 

1 35. The authenticator of claim 34, wherein the resource comprises at least one of a hardware 

2 device, a computer system, a portable computer, a software application, and a database. 
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1 36. The authenticator of claim 21, wherein the verifier generates a calculated value of the secret 

2 pattern and a calculated value of the input pattern; and compares the calculated value of the 

3 secret pattern and the calculated value of the input pattern. 
4 

1 37. The authenticator of claim 36, wherein the verifier generates a hash of the secret pattern and 

2 a hash of the input pattern. 
3 

1 38. The authenticator of claim 21, wherein the graphical interface determines at least one secret 

2 point located in a display area and at least one approximation region associated with the at least 

3 one secret point 
4 

1 39. The authenticator of claim 21, wherein the graphical interface provides at least one memory 

2 cue to the user. 
3 

1 40. The authenticator of claim 39, wherein the graphical interface provides at least one of a 

2 visual memory cue and an auditory memory cue. 
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